audn-red

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt requires use of a Bearer token and explicitly tells the agent to ask the user for AUDN_API_TOKEN if not set and to include an Authorization: Bearer header in API calls, which can lead the LLM to receive and verbatim-embed secrets into generated curl/HTTP requests.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill explicitly instructs registering and interacting with a user-provided target API URL (Step 1: "api_url": "<user-provided URL"> and Step 2 verify-text with response_preview) and then executes campaigns and retrieves the target agent's responses/results, meaning it ingests arbitrary, untrusted third-party agent output that could contain instructions and materially influence subsequent decisions and actions.